/**
 * 
 */
package org.rk.core.auth.realm;

import java.util.ArrayList;
import java.util.List;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.rk.core.auth.authIntf.IAuthService;
import org.rk.core.auth.bean.ActiveUser;
import org.rk.core.common.constant.RkConst;
import org.rk.core.common.util.RkObjectUtil;
import org.rk.core.user.userPerm.CorePerm;
import org.springframework.beans.factory.annotation.Autowired;

/**
 * @author Cavion(曹仁道)
 * @类描述：验证器
 * 2016年12月3日
 */
public class RKAuthRealm extends AuthorizingRealm {

	
	@Autowired
	private IAuthService authService; 
	
	@Override
	public void setName(String name) {
		super.setName("RKAuthRealm");
	}
	/**
	 * 授权
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		// 从 principals获取主身份信息
		// 将getPrimaryPrincipal方法返回值转为真实身份类型（在doGetAuthenticationInfo认证通过填充到SimpleAuthenticationInfo中身份类型），
		//String userName = (String) principals.getPrimaryPrincipal();

		// 根据身份信息获取权限信息
		Subject subject = SecurityUtils.getSubject();
		Session session = subject.getSession();
		ActiveUser activeUser=(ActiveUser) session.getAttribute(RkConst.session_key.activeUser);
		// 从数据库获取到权限数据
		List<CorePerm> permList = activeUser.getPermList();
		
		// 单独定一个集合对象
		List<String> permissions = new ArrayList<String>();
		if (permList != null) {
			for (CorePerm corePerm : permList) {
				// 将数据库中的权限标签 符放入集合
				if(RkObjectUtil.isEmpty(corePerm)){
					continue;
				}
				permissions.add(corePerm.getPermCode());
			}
		}
		// 查到权限数据，返回授权信息(要包括 上边的permissions)
		SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
		// 将上边查询到授权信息填充到simpleAuthorizationInfo对象中
		simpleAuthorizationInfo.addStringPermissions(permissions);

		return simpleAuthorizationInfo;
	}

	/**
	 * 认证
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
		UsernamePasswordToken token=(UsernamePasswordToken) authcToken;
		String currentUsername = token.getUsername();
		ActiveUser activeUser = authService.queryCurrUser(currentUsername);
		setSession(RkConst.session_key.activeUser,activeUser);
		SimpleAuthenticationInfo simpleAuthenticationInfo =new SimpleAuthenticationInfo(currentUsername, activeUser.getPassword(), this.getName());
		return simpleAuthenticationInfo;
	}
	 private void setSession(Object key, Object value){  
	        Subject subject = SecurityUtils.getSubject();  
	        if(null != subject){  
	            Session session = subject.getSession();
	            System.out.println("Session默认超时时间为[" + session.getTimeout() + "]毫秒");  
	            if(null != session){  
	                session.setAttribute(key, value);  
	            }  
	        }  
	    }  
}
